[CentOS] Re: Mixing RPMforge and EPEL (Was: EPEL repo)

R P Herrold herrold at owlriver.com
Mon Jul 30 22:44:47 UTC 2007


On Mon, 30 Jul 2007, Ray Van Dolson wrote:

> I understand how a lot of it "went down" (saw the meetings 
> and am on the lists as well), I'm just wondering if that 
> aside (I know, hard to do :), could there feasibly be an 
> RPM-based solution to this that would make repo-tags 
> obsolete?

'could be'?  Sure.  Check the package signing key against a 
well maintained index of the same, posibly on an automated 
basis with a small tool-let (TUI and widget).  Have a well 
maintained central archive to query against, which accepts new 
keys countersigned with a GPG key off record at a public 
keyserver, from a person in a chain of trust/chain of 'known'. 
Lock the network down with a CACert CA mediated SSL layer.

Likely to happen?  dunno -- step up and write it.  I cannot 
write it for free.  There have been proposals along these 
lines in one form or another, and the widget hasn't happened 
yet.

Until then, externally visible repotags were the next best 
option.  But they are 'unsightly' to the Red Hat person 
quoted, as they "clutter up the namespace".  Fine.  He wins. 
We all lose.

Tech support load sauce for the goose works on the gander as 
well.  I assume Dag and Axel will have to send people away 
when it is EPEL is present or conflicting for load management.

-- Russ Herrold




More information about the CentOS mailing list